Lucene search
+L
LenovoSystem Update

15 matches found

CVE
CVE
added 2020/03/27 2:5 p.m.138 views

CVE-2015-7336

CVE-2015-7336 affects Lenovo System Update (ThinkVantage System Update). The vulnerability lies in SUService.exe, which creates a named pipe for system update services; an attacker could bypass the pipeline client identity signature and send arbitrary commands to the pipe when using Lenovo System...

7.5CVSS7.3AI score0.00586EPSS
CVE
CVE
added 2020/03/27 2:5 p.m.137 views

CVE-2015-7334

Lenovo System Update (SUService.exe) local privilege escalation CVE-2015-7334 affects Lenovo System Update prior to and including version 5.07.0008, where the SUService.exe /type COMMAND path could allow an unprivileged user to execute arbitrary code with elevated privileges. The vulnerability ar...

7.8CVSS7.9AI score0.0036EPSS
CVE
CVE
added 2020/03/27 2:5 p.m.133 views

CVE-2015-7335

The CVE-2015-7335 entry concerns a race condition in Lenovo System Update (ThinkVantage System Update) that could allow local privilege escalation on affected systems. Technical details across connected records indicate impact on Lenovo System Update versions up to 5.07.0008 and earlier, enabling...

7CVSS7.3AI score0.0023EPSS
CVE
CVE
added 2020/03/27 2:5 p.m.119 views

CVE-2015-7333

CVE-2015-7333 is a local privilege escalation in Lenovo System Update (ThinkVantage System Update) prior to or including version 5.07.0008. The SUService.exe process handles system updates and accepts commands (type INF and INF_BY_COMPATIBLE_ID) that could be exploited to execute arbitrary code w...

7.8CVSS8AI score0.00351EPSS
CVE
CVE
added 2019/09/26 3:22 p.m.109 views

CVE-2019-6175

CVE-2019-6175 affects Lenovo System Update prior to 5.07.0088. The issue allows writing configuration files to non‑standard locations, leading to a Denial of Service. Affected component: Lenovo System Update (Lenovo PS500271 advisories confirm the vulnerability and recommend upgrading to version ...

7.8CVSS7.4AI score0.0168EPSS
CVE
CVE
added 2023/05/01 2:36 p.m.98 views

CVE-2022-4568

CVE-2022-4568 is described in the initial document as a directory permissions management vulnerability in Lenovo System Update that may allow elevation of privileges. The connected documents corroborate Lenovo-specific context and reference a Lenovo security advisory (LEN-103545) for remediation ...

7.8CVSS7.5AI score0.00187EPSS
CVE
CVE
added 2022/04/22 8:30 p.m.92 views

CVE-2022-0354

Summary: CVE-2022-0354 targets Lenovo System Update. Affected: Lenovo System Update versions before 2022-02-25. Description from PT-2022-2221 indicates an issue during installation of a System Update package that displays a command prompt window, allowing a local user with interactive system acce...

7.8CVSS7.7AI score0.00237EPSS
CVE
CVE
added 2015/05/12 7:0 p.m.69 views

CVE-2015-2219

Lenovo System Update (before 5.06.0034) contains a local privilege escalation due to predictable security tokens used to access the System Update named pipe SUservice.exe. The named pipe, \SUPipeServer, can be interacted with by normal users to inject commands as SYSTEM if a valid token is provid...

7.2CVSS6.8AI score0.04146EPSS
Web
CVE
CVE
added 2023/11/08 9:58 p.m.65 views

CVE-2023-4632

CVE-2023-4632 concerns Lenovo System Update. The vulnerability is an uncontrolled/search path vulnerability in Lenovo System Update that could let a local attacker execute code with elevated privileges due to an untrusted search path. Affected product is Lenovo System Update; root cause is the un...

7.8CVSS7.6AI score0.00317EPSS
CVE
CVE
added 2019/06/26 2:12 p.m.63 views

CVE-2019-6163

The CVE-2019-6163 issue affects Lenovo System Update prior to version 5.07.0084. The vulnerability, a denial of service caused by the ability to write service log files to non-standard locations, is documented across NVD and Lenovo advisories. Remediation is to upgrade Lenovo System Update to ver...

7.5CVSS7.3AI score0.00836EPSS
CVE
CVE
added 2015/05/12 7:0 p.m.55 views

CVE-2015-2233

Lenovo System Update (before 5.06.0034) is affected by CVE-2015-2233 due to improper validation of CA chains during signature validation. This allows a man-in-the-middle with a crafted certificate to upload and execute arbitrary files. Affected software is Lenovo System Update prior to 5.06.0034,...

8.3CVSS7.2AI score0.00404EPSS
CVE
CVE
added 2015/05/12 7:0 p.m.51 views

CVE-2015-2234

CVE-2015-2234 affects Lenovo System Update (versions prior to 5.06.0034). The issue is a race/permission problem where the update files directory is world-writable, allowing a local attacker to replace an update file after signature validation and potentially escalate privileges. The Nes­sus/Kasp...

6.9CVSS6.8AI score0.00269EPSS
CVE
CVE
added 2017/10/02 6:0 p.m.51 views

CVE-2015-6971

Summary of CVE-2015-6971 : Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows a local attacker to submit commands to the SUService.exe and escalate privileges by launching signed Lenovo executables. The root cause is flaws in the security token authentication proce...

7.8CVSS7.7AI score0.00472EPSS
CVE
CVE
added 2018/05/04 4:0 p.m.51 views

CVE-2018-9063

CVE-2018-9063 affects Lenovo System Update’s MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe). Versions prior to 5.07.0072 contain a local buffer overflow by entering very large user ID or password, leading to undefined behavior and potential arbitrary code execution. The exploit is loca...

7.8CVSS7.6AI score0.004EPSS
CVE
CVE
added 2020/09/15 2:20 p.m.50 views

CVE-2020-8342

CVE-2020-8342 impacts Lenovo System Update prior to version 5.07.0106, describing a race condition that could allow privilege escalation. Lenovo’s Lenovo PS500347 advisory and CNVD/NVD entries align on the same vulnerability and provide a remediation: upgrade to 5.07.0106 or newer. Other connecte...

7.3CVSS6.9AI score0.00217EPSS